SonicWALL 2.5 Security Camera User Manual


 
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATORS GUIDE
Chapter 11: Configuring Zones
Network > Zones
A Zone is a logical grouping of one or more interfaces designed to make management, such as the
definition and application of Access Rules, a simpler and more intuitive process than following a strict
physical interface scheme. Zone-based security is a powerful and flexible method of managing both
internal and external network segments, allowing the administrator to separate and protect critical
internal network resources from unapproved access or attack.
A network security zone is simply a logical method of grouping one or more interfaces with friendly,
user-configurable names, and applying security rules as traffic passes from one zone to another
zone. Security zones provide an additional, more flexible layer of security for the firewall. With
zone-based security, the administrator can group similar interfaces and apply the same policies to
them, instead of having to write the same policy for each interface.
Cross Reference: For more information on configuring interfaces, see Chapter 9 Configuring
Interfaces.
SonicOS Enhanced zones allow you to apply security policies to the inside of the network. The
administrator does this by organizing network resources into different zones, and allowing or
restricting traffic between those zones. This way, access to critical internal resources such as payroll
servers or engineering code servers can be strictly controlled.
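The following Python model is an added illustration, not SonicOS configuration or SonicWALL code. It shows how access rules written once per zone pair cover every interface in those zones, with anything unlisted denied. The interface names, zone names, services and rules are constructed assumptions.

```python
# Constructed sample topology: interface names, zone names and rules are
# illustrative assumptions, not SonicOS defaults or configuration syntax.
INTERFACE_ZONE = {
    "X0": "LAN", "X2": "LAN", "X3": "LAN",   # three interfaces share one zone
    "X1": "WAN",
    "X4": "PAYROLL",                         # critical internal resource zone
}

# One access rule per (source zone, destination zone) pair. Each rule lists
# the services it allows; any zone pair or service not listed is denied.
ZONE_RULES = {
    ("LAN", "WAN"): {"http", "https", "dns"},
    ("LAN", "PAYROLL"): {"https"},
    ("PAYROLL", "WAN"): set(),   # explicit: payroll hosts may not reach the WAN
}


def evaluate(src_if, dst_if, service):
    """Return 'allow' or 'deny' for traffic entering src_if and leaving dst_if."""
    try:
        src_zone = INTERFACE_ZONE[src_if]
        dst_zone = INTERFACE_ZONE[dst_if]
    except KeyError:
        return "deny"            # interface is not assigned to any zone
    allowed = ZONE_RULES.get((src_zone, dst_zone), set())
    return "allow" if service in allowed else "deny"


def per_interface_rule_count():
    """Rules needed to express ZONE_RULES as interface-to-interface rules."""
    members = {}
    for iface, zone in INTERFACE_ZONE.items():
        members.setdefault(zone, []).append(iface)
    return sum(len(members[s]) * len(members[d]) for s, d in ZONE_RULES)


if __name__ == "__main__":
    for flow in [("X0", "X1", "https"), ("X3", "X4", "https"),
                 ("X2", "X4", "ssh"), ("X1", "X4", "https")]:
        print(flow, "->", evaluate(*flow))
    print("zone rules:", len(ZONE_RULES),
          "| equivalent per-interface rules:", per_interface_rule_count())
```

Assigning a further interface to the LAN zone in this model changes no rule, while the per-interface count grows by one for every zone pair that includes LAN.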
Zones also fully expose the NAT table, giving the administrator control over the traffic
across the interfaces by controlling the source and destination addresses as traffic crosses from one
zone to another. This means that NAT can be applied internally, or across VPN tunnels, which is a
feature that users have long requested. SonicWALL security appliances can also drive VPN traffic
through the NAT policy and zone policy, since VPNs are now logically grouped into their own VPN
zone.
How Zones Work
An easy way to visualize how security zones work is to imagine a large new building, with several
rooms inside the building, and a group of new employees that do not know their way around the
building. This building has one or more exits, which can be thought of as the WAN interfaces. The
rooms within the building have one or more doors, which can be thought of as interfaces. These
rooms can be thought of as zones. Inside each room are a number of people. The people are
categorized and assigned to separate rooms within the building. People in each room going to
another room or leaving the building must talk to a doorperson on the way out of each room. This